Authorization is a method of specifying an entity's (e.g., a user, a service, a role) privileges with respect to accessing resources in a secured system or a network. Once the entity is identified and authenticated, access privileges of the authenticated entity are enforced. In most common cases, privileges given to the entity are a combination of several different actions on several different resources. Each such action may be classified differently. For example, some actions are more intrusive while others are less intrusive, and some resources have a higher degree of confidentiality or criticality while others have a lesser degree of confidentiality or criticality.
There are many mechanisms that try to unequivocally authenticate the entity entering the secured system. However, in many cases, if hackers have access to the device used for authentication, it is possible to hijack the identity either permanently or temporarily and use the identity's privileges to cause significant damage to the secured system and/or to access confidential information. Such damage may be evident shortly after a breach. However, in certain cases, it may take some time to identify such a security breach while the amount of damage caused continues to build.
Yet another common vulnerability is security misconfiguration of access privileges. Maintaining the proper access rights for each entity in general, and particularly in large-scale systems, is practically an insurmountable challenge. That is, entities may unintentionally obtain access rights simply due to a complex authorization hierarchy, grouping of entities, and more. The larger and more complex the system, the more likely it is for access errors to creep in and remain in the system. This may happen with or without malicious intent. Such misconfiguration may thus cause unintended breaches and provide unauthorized access to the entity.
Regardless of whether a security system serves the purposes of information asset protection or provides general security outside the scope of information technology (IT), it is common to have three main security processes working together to provide access to assets in a controlled manner. The first is authentication, often referred to as Identification and Authentication, which is typically utilized for the purposes of determining and validating an entity's identity. The second is authorization, which is typically utilized to provide users with access rights only to resources that they are eligible to access. The third is accounting, also referred to as auditing, which provides an audit trail of a user's actions.
Each of those processes, while serving a specific goal, is based on the assumed validity and reliability of the previous step. Therefore, if an authentication device erroneously assumes that a given identity of an entity is authenticated properly, the authorization mechanism, oblivious to the authentication failure, will allow an unauthorized entity to perform actions or get access to the resources it is meant to protect.
Existing solutions provide for many strong identification and authentication mechanisms like public key infrastructure (PKI), multi-factor authentication (MFA), cloud access security broker (CASB), and the like. However, if the device used to perform the identification/authentication is compromised, malicious code or a hacker can hijack the identity of the entity temporarily or permanently and use that identity to perform actions or to gain access to resources which it is not approved to access.
Existing solutions are also vulnerable to other sorts of security breaches, such as breach of the communication channel, man-in-the-middle, session or cookie breaches, and more. Such a vulnerability may allow unauthorized access to a protected resource. The risk is therefore clear: once a user is authenticated to access protected resources, the user may access these resources without a further check. Moreover, typically the authorization mechanism cannot differentiate between riskier actions or access to more confidential resources and less risky actions or access to less confidential resources. As a result, all resources may be subject to a heightened risk of breach, malicious or otherwise.
One of the challenges in authorization is that the effort of managing privileges and, therefore, of controlling access to resources of a system using security policies has grown. Researchers and system developers have simplified the administrative process by using groups of users who have the same authorizations. User groups were the precursor to role-based access control. Role-based access control (RBAC) systems group permissions into roles and require all access to occur through the RBAC system. Groups of permissions can then be readily provided to users in the simple operation of assigning roles. RBAC has been widely adopted and provides administrative and security advantages. However, as systems increase in size, RBAC has become harder, more complex, and more expensive to implement, as well as difficult to maintain. Therefore, misconfiguration of user privileges continues to occur frequently, thereby allowing users to gain unauthorized access to protected resources.
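The following is an added illustration, not code from the patent or any product it describes, of how an RBAC hierarchy can silently grant access to a sensitive resource, and of an audit check that surfaces such grants. The roles, parent links, users and resource names are constructed sample data; the misconfiguration is the assumed parent link from "auditor" to "finance".

```python
# Constructed sample RBAC configuration (not from the page). Roles map to
# (action, resource) permissions and may inherit from parent roles.
ROLE_PERMS = {
    "viewer":  {("read", "public-docs")},
    "editor":  {("write", "public-docs")},
    "finance": {("read", "payroll")},
    "auditor": {("read", "audit-log")},
    "admin":   {("delete", "public-docs")},
}

# Role hierarchy: a role inherits every permission of its parents, transitively.
# The "auditor" -> "finance" link is the constructed misconfiguration: anyone
# who reaches "auditor" through inheritance also reaches payroll data.
ROLE_PARENTS = {
    "editor":  {"viewer"},
    "admin":   {"editor", "auditor"},
    "auditor": {"finance"},
}

# Direct role assignments per user.
USER_ROLES = {
    "alice": {"viewer"},
    "bob":   {"editor"},
    "carol": {"admin"},
}

# Resources with elevated confidentiality; access to these is expected to come
# from a directly assigned role, not from an inherited one.
SENSITIVE = {"payroll"}


def expand_roles(roles):
    """Return the transitive closure of the given roles over ROLE_PARENTS."""
    seen = set()
    stack = list(roles)
    while stack:
        role = stack.pop()
        if role in seen:
            continue
        seen.add(role)
        stack.extend(ROLE_PARENTS.get(role, ()))
    return seen


def effective_permissions(user):
    """All permissions a user holds, directly or through role inheritance."""
    perms = set()
    for role in expand_roles(USER_ROLES.get(user, set())):
        perms |= ROLE_PERMS.get(role, set())
    return perms


def is_authorized(user, action, resource):
    """The access decision an RBAC enforcement point would make."""
    return (action, resource) in effective_permissions(user)


def granting_roles(user, action, resource):
    """Which roles in the user's closure actually carry the permission."""
    return tuple(sorted(
        role for role in expand_roles(USER_ROLES.get(user, set()))
        if (action, resource) in ROLE_PERMS.get(role, set())
    ))


def audit_inherited_sensitive_access():
    """Flag access to SENSITIVE resources that arrives only via inheritance.

    Returns sorted (user, action, resource, granting_roles) tuples so an
    administrator can see both who has the access and which role leaks it.
    """
    findings = []
    for user, direct_roles in USER_ROLES.items():
        direct_perms = set()
        for role in direct_roles:
            direct_perms |= ROLE_PERMS.get(role, set())
        for action, resource in effective_permissions(user):
            if resource in SENSITIVE and (action, resource) not in direct_perms:
                findings.append((user, action, resource,
                                 granting_roles(user, action, resource)))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_inherited_sensitive_access():
        print("inherited sensitive access:", finding)
```

Running the audit reports that "carol", who was only ever assigned "admin", can read payroll through the chain admin -> auditor -> finance. The enforcement point (`is_authorized`) returns True for that request, which is exactly why the configuration error is invisible at access time and has to be found by a separate review of the hierarchy.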
Other solutions attempt to tackle cases where a system is compromised, or an entity's privileges are misconfigured, allowing it to perform risky actions or access confidential information. As an example, one such solution is a second password for classified privileges on the same device. When an entity tries to exercise classified privileges or perform a risky action, the entity is prompted for a second password. This is very effective if combined with strong authentication or MFA, yet the logic of the authorization process is only enforced and performed in the original system and is usually embedded in some specific business flow. Typically, these flows are created by the solution provider rather than the user of the solution. Therefore, misconfigurations are still prone to error, and maintenance of the classified privileges is enforced in code/implementation.
Another existing solution introduces additional users who authorize classified privileges. When an entity needs to exercise classified privileges or perform a risky action, the entity needs to receive an approval from another entity that must authenticate and approve this action. Therefore, if one entity is compromised, it is unable to cause damage or expose confidential information on its own. The main disadvantage of this solution is the dependency on another entity, which may create a slow, somewhat bureaucratic process when a human must be involved, which is not suited for large-scale operations or other vital/real-time systems. Further, this solution is limited to those capabilities integrated into the product by the solution provider.
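The two existing approaches just described, a second factor for classified privileges and approval by a second entity, can be seen side by side in the following added example. It is not the patent's method or any vendor's product; the risk levels, session model, user names and the rule "medium risk needs a second factor, high risk additionally needs a different approver" are assumptions chosen to make the mechanics concrete. Its point is that the decision depends on the classification of the action and the resource, which the text notes most authorization mechanisms cannot express.

```python
import itertools
from dataclasses import dataclass, field

# Constructed classification (not from the page): actions are ranked by how
# intrusive they are and resources by confidentiality. The risk level of a
# request is the higher of the two.
ACTION_RISK = {"read": 0, "write": 1, "delete": 2, "transfer": 2}
RESOURCE_CONF = {"public-docs": 0, "payroll": 1, "ledger": 2}


@dataclass
class Session:
    """An authenticated session; mfa_verified records a presented second factor."""
    user: str
    mfa_verified: bool = False


@dataclass
class PendingRequest:
    """A high-risk request waiting for approval by a second entity."""
    request_id: int
    user: str
    action: str
    resource: str
    approvals: set = field(default_factory=set)


class StepUpAuthorizer:
    """Authorization gate with risk-dependent requirements.

    level 0: permission alone is enough.
    level 1: the session must also carry a second factor (step-up).
    level 2: step-up plus approval by a different, strongly authenticated user.
    """

    def __init__(self, permissions, approver_users):
        self.permissions = permissions        # {user: {(action, resource), ...}}
        self.approvers = set(approver_users)  # users allowed to approve level-2 requests
        self.pending = {}
        self._ids = itertools.count(1)

    @staticmethod
    def risk(action, resource):
        return max(ACTION_RISK[action], RESOURCE_CONF[resource])

    def request(self, session, action, resource):
        """Return ("allow"|"deny"|"step-up"|"pending", detail)."""
        if (action, resource) not in self.permissions.get(session.user, set()):
            return ("deny", "not permitted")
        level = self.risk(action, resource)
        if level == 0:
            return ("allow", None)
        if not session.mfa_verified:
            # The caller must re-authenticate with a second factor and retry.
            return ("step-up", "second factor required")
        if level == 1:
            return ("allow", None)
        rid = next(self._ids)
        self.pending[rid] = PendingRequest(rid, session.user, action, resource)
        return ("pending", rid)

    def approve(self, approver_session, request_id):
        """Second-entity approval; the requester can never approve itself."""
        req = self.pending.get(request_id)
        if req is None:
            return ("deny", "unknown request")
        if approver_session.user == req.user:
            return ("deny", "self-approval rejected")
        if (approver_session.user not in self.approvers
                or not approver_session.mfa_verified):
            return ("deny", "approver not strongly authenticated")
        del self.pending[request_id]
        return ("allow", None)


if __name__ == "__main__":
    # Constructed sample permissions: alice may do three things, bob approves.
    auth = StepUpAuthorizer(
        {"alice": {("read", "public-docs"), ("write", "payroll"), ("transfer", "ledger")}},
        approver_users={"bob"},
    )
    alice = Session("alice", mfa_verified=True)
    status, rid = auth.request(alice, "transfer", "ledger")
    print(status, rid)                                   # pending 1
    print(auth.approve(Session("bob", True), rid))       # ('allow', None)
```

Note what the gate does and does not protect against: a stolen session with a valid second factor still passes level-1 requests, and a compromised approver plus a compromised requester defeats level 2. The value of the classification is that the lowest-risk bulk of requests is never slowed down while the small, high-impact set gets the extra checks.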
Therefore, in view of the deficiencies of the existing solutions in providing a reliable, simple, and flexible way to ensure effective and accurate authorization to access protected resources, it would be beneficial to have a solution that overcomes these deficiencies.